<!--#INCLUDE FILE="config.asp"-->
<%

cpassword = Request("password")
username = Request("username")

set objConnect = server.createObject("ADODB.Connection")       
		objConnect.open conStr
		
		Set oCmd = Server.CreateObject("ADODB.Command")
		  
		    oCmd.ActiveConnection = objConnect
			oCmd.CommandText = "sp_check_adminLogin" 
			oCmd.CommandType = 4
			Set ParaEmail = oCmd.CreateParameter("@username", 200,1,100, username)
			oCmd.Parameters.Append ParaEmail
			Set ParaPassword = oCmd.CreateParameter("@password", 200,1,50, cpassword )
			oCmd.Parameters.Append 	ParaPassword
			
			set rss = oCmd.execute
			
			if not rss.eof then	
				while not rss.eof
						Session("CostabajaId") = rss("UserId")
						Session("CostabajaAccessLevel") = rss("Role")
						Response.Redirect("Costabaja-dashboard.asp")
				rss.movenext
				wend
			else
			 	Response.Redirect("default.asp?msg=invalid")
			end if
			objConnect.close()
			set objConnect = Nothing
  %>